Recent improvements in technology have resulted in cheaper and more portable (e.g., smaller and lighter) computing devices, fueling a need for a substantial growth in network communication technology. In particular, the increasing prevalence of laptops and other types of portable computing devices has resulted in an increased demand for network connectivity in a variety of locations apart from a user's home or place of business. For example, the user of a portable computing device may wish to establish a connection to the Internet when within range of a Wireless Internet Service Provider (WISP) or an enterprise network (e.g., in a hotel or airport lounge).
In many circumstances, however, it is not desirable for the operator of a communications network to permit indiscriminate access to the network. For example, in one type of situation, it may be desirable to limit network access to paying subscribers. In another situation, for example, it may be desirable to limit network access to ticketed passengers at an airport. Accordingly, there is a great need for network systems that permits certain authenticated users partial or total access to a network, while partially or completely denying other, non-authenticated users access to the network.
In many network architectures, one or more access controllers or similar components are used for the purpose of providing selective access to a network. For example, in some network architectures, an access controller or gateway device is used to automatically redirect users to a portal page when an attempt to access the network is made. Such access controllers and gateway devices are not adequate, however, because they fail to provide a secure method to inform the user that adequate credentials are required to access a public IP network (such as the Internet). In particular, the use of current access controllers and gateway devices that automatically redirect users to a portal page following network access attempts makes it difficult to detect possible “mad in the middle” attacks, where unwanted devices spoof Internet Protocol (IP) addresses.
In light of the foregoing, it would be desirable to provide an access controller for use in network systems that is capable of presenting a service announcement page to a user in the event that user credentials must be entered prior to network access being granted, such that the security and overall user experience associated with accessing a network from a public location is increased.